CVE-2015-2811

XML external entity (XXE) vulnerability in ReportXmlViewer in SAP NetWeaver Portal 7.31.201109172004 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2111939.
Configurations

Configuration 1 (hide)

cpe:2.3:a:sap:netweaver_enterprise_portal:7.31:*:*:*:*:*:*:*

History

21 Nov 2024, 02:28

Type Values Removed Values Added
References () http://packetstormsecurity.com/files/132358/SAP-NetWeaver-Portal-7.31-XXE-Injection.html - () http://packetstormsecurity.com/files/132358/SAP-NetWeaver-Portal-7.31-XXE-Injection.html -
References () http://seclists.org/fulldisclosure/2015/Jun/64 - () http://seclists.org/fulldisclosure/2015/Jun/64 -
References () http://www.securityfocus.com/archive/1/535827/100/800/threaded - () http://www.securityfocus.com/archive/1/535827/100/800/threaded -
References () http://www.securityfocus.com/bid/73691 - () http://www.securityfocus.com/bid/73691 -
References () https://erpscan.io/advisories/erpscan-15-006-sap-netweaver-portal-reportxmlviewer-xxe/ - () https://erpscan.io/advisories/erpscan-15-006-sap-netweaver-portal-reportxmlviewer-xxe/ -

Information

Published : 2015-04-01 14:59

Updated : 2024-11-21 02:28


NVD link : CVE-2015-2811

Mitre link : CVE-2015-2811

CVE.ORG link : CVE-2015-2811


JSON object : View

Products Affected

sap

  • netweaver_enterprise_portal